Steps for Deploying an Nginx HTTPS Service with Docker

张开发
2026/7/2 1:38:29 · 15 min read
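1. Document overview

1.1 Target environment

Operating system: CentOS 7 (64-bit)
Goal: deploy Nginx with Docker, redirect HTTP to HTTPS automatically, and resolve the garbled Chinese text, certificate mounting, and image detection problems
Prerequisites: you are logged in to the server as root, the server can reach the internet, and the nginx:1.21 image has already been pulled manually

1.2 Final result

- Requests to http://192.168.10.110 are redirected automatically to https://192.168.10.110
- The HTTPS page displays Chinese text correctly, with no garbling
- The Nginx container starts on boot, and configuration, certificates, and logs are stored persistently

2. Detailed deployment steps

Step 1: Environment check and basic preparation

1.1 Check user privileges (must be root)

```bash
# Verify that the current user is root
id -u
# Output 0 means root; otherwise switch to root with: su root
```

1.2 Install basic tools (resolves dependencies)

```bash
# Install lsof (port checks), openssl (certificate generation), and other tools
yum install -y lsof openssl net-tools wget curl > /dev/null 2>&1
```

1.3 Check port availability (80 and 443 must be free)

```bash
# Check port 80
lsof -i:80
# Check port 443
lsof -i:443

# If a port is in use, stop the process holding it (example: port 80)
kill -9 $(lsof -t -i:80)
```

Step 2: Create the working directory (one place for all resources)

```bash
# Create the core directories: configuration, certificates, pages, logs
mkdir -p /opt/nginx-https/{conf,cert,wwwroot,logs}
# Set directory permissions so the container has enough access after mounting
chmod -R 755 /opt/nginx-https
```

Step 3: Generate a self-signed SSL certificate

```bash
# Enter the certificate directory
cd /opt/nginx-https/cert

# 1. Generate a 2048-bit private key (no passphrase)
openssl genrsa -out nginx.key 2048 > /dev/null 2>&1

# 2. Generate the certificate signing request (non-interactive, matches the host IP)
openssl req -new -key nginx.key -out nginx.csr \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=Test/OU=IT/CN=192.168.10.110" > /dev/null 2>&1

# 3. Generate the self-signed certificate (valid for 365 days)
openssl x509 -req -days 365 -in nginx.csr -signkey nginx.key -out nginx.crt > /dev/null 2>&1

# 4. Verify the certificate files (nginx.key and nginx.crt must exist)
ls -l /opt/nginx-https/cert/
# Output like the following means success:
# -rw-r--r-- 1 root root 1027 12月 28 23:00 nginx.crt
# -rw-r--r-- 1 root root 1086 12月 28 23:00 nginx.csr
# -rw-r--r-- 1 root root 1675 12月 28 23:00 nginx.key

# 5. Set certificate permissions (Nginx needs read access). The nginx master
#    process reads the key as root, so the private key is restricted to the
#    owner; only the certificate stays world-readable.
chmod 600 /opt/nginx-https/cert/nginx.key
chmod 644 /opt/nginx-https/cert/nginx.crt
```

Step 4: Write the Nginx HTTPS configuration file

4.1 Create the configuration file

```bash
vim /opt/nginx-https/conf/nginx.conf
```

4.2 Paste the complete configuration (includes UTF-8 encoding to fix garbled Chinese)

```nginx
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    # Key setting for garbled Chinese: set UTF-8 encoding globally
    charset utf-8;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr [$time_local] "$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    keepalive_timeout 65;

    # HTTP server: redirect to HTTPS automatically
    server {
        listen 80;
        server_name 192.168.10.110;
        return 301 https://$host$request_uri;
    }

    # HTTPS core configuration
    server {
        listen 443 ssl;
        server_name 192.168.10.110;

        # Certificate paths inside the container (host: /opt/nginx-https/cert)
        ssl_certificate /etc/nginx/cert/nginx.crt;
        ssl_certificate_key /etc/nginx/cert/nginx.key;

        # SSL tuning
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Static page directory (host: /opt/nginx-https/wwwroot)
        location / {
            root /usr/share/nginx/html;
            index index.html index.htm;
        }

        # Error pages
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
}
```

4.3 Validate the configuration syntax (important: mount the certificate directory for the check)

```bash
# Validate with the Nginx inside the container, mounting both the configuration and the certificate directory
docker run --rm \
  -v /opt/nginx-https/conf/nginx.conf:/etc/nginx/nginx.conf \
  -v /opt/nginx-https/cert:/etc/nginx/cert \
  nginx:1.21 nginx -t

# Output like the following means the configuration is correct:
# nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
# nginx: configuration file /etc/nginx/nginx.conf test is successful
```

Step 5: Create the test page (fixes garbled Chinese)

```bash
# Edit the test page and declare UTF-8 encoding
vim /opt/nginx-https/wwwroot/index.html
```

Paste the following content:

```html
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<h1>Nginx HTTPS 部署成功</h1>
<p>主机IP：192.168.10.110</p>
</body>
</html>
```

Set the page permissions:

```bash
chmod 644 /opt/nginx-https/wwwroot/index.html
```

Step 6: Start the Nginx container

6.1 Clean up any old container (avoids conflicts)

```bash
# Stop and remove an old container with the same name, if one exists
docker stop nginx-https > /dev/null 2>&1
docker rm nginx-https > /dev/null 2>&1
```

6.2 Start the new container (mount all directories)

```bash
docker run -d \
  --name nginx-https \
  --privileged=true \
  -p 80:80 \
  -p 443:443 \
  -v /opt/nginx-https/conf/nginx.conf:/etc/nginx/nginx.conf \
  -v /opt/nginx-https/cert:/etc/nginx/cert \
  -v /opt/nginx-https/wwwroot:/usr/share/nginx/html \
  -v /opt/nginx-https/logs:/var/log/nginx \
  --restart=always \
  nginx:1.21
```

Parameter reference:

| Parameter | Purpose |
| --- | --- |
| `--name nginx-https` | Names the container nginx-https |
| `--privileged=true` | Raises the container's privileges to work around insufficient permissions on the mounted directories (this gives the container nearly full access to the host) |
| `-p 80:80` / `-p 443:443` | Maps host ports to container ports |
| `-v host-path:container-path` | Mounts directories so configuration, certificates, pages, and logs persist; host files can be edited without rebuilding the container |
| `--restart=always` | Starts the container whenever Docker starts, including at boot |

6.3 Verify that the container is running

```bash
# Check whether the container is running (status "Up" means success)
docker ps | grep nginx-https

# Example output:
# abc123456789 nginx:1.21 "/docker-entrypoint.…" 10 seconds ago Up 9 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp nginx-https
```

3. Verify the deployment

3.1 Command-line verification

3.1.1 Verify the automatic HTTP redirect

```bash
curl -I http://192.168.10.110
# A 301 redirect in the output means success:
# HTTP/1.1 301 Moved Permanently
# Location: https://192.168.10.110/
```

3.1.2 Verify HTTPS access (ignoring the self-signed certificate)

```bash
curl -k https://192.168.10.110
# The test page's HTML in the output, with no garbled text, means success
```

3.2 Browser verification

Open a browser and go to https://192.168.10.110. Dismiss the "connection not secure" warning, which is expected for a self-signed certificate. The deployment is complete if the page shows "Nginx HTTPS 部署成功 主机IP：192.168.10.110" with the Chinese text displayed correctly.

4. Troubleshooting common problems

4.1 Image detection fails

Symptom: a message says "nginx:1.21 镜像不存在" (image does not exist) even though the image has been pulled.
Fix: verify the image with a formatted listing.

```bash
docker images --format "{{.Repository}}:{{.Tag}}" | grep nginx:1.21
# If the output is nginx:1.21, the image exists; run the start command again
```

4.2 Certificate file does not exist

Symptom: the Nginx configuration test reports "cannot load certificate".
Fix:

```bash
# Check whether the certificate files exist
ls -l /opt/nginx-https/cert/
# Regenerate the certificate (Step 3) and make sure nginx.key and nginx.crt exist
```

4.3 Garbled Chinese text

Symptom: Chinese text on the page appears as boxes or garbled characters.
Fix: confirm that the test page includes `<meta charset="UTF-8">`, confirm that the `http` block of the Nginx configuration includes `charset utf-8;`, then restart the container with `docker restart nginx-https`.

4.4 Port in use

Symptom: the container fails to start and reports that a port is already in use.
Fix:

```bash
# Find the process using the port
lsof -i:80
# Stop the process (example)
kill -9 $(lsof -t -i:80)
```

5. Day-to-day operations

5.1 Start, stop, and restart the container

```bash
# Start
docker start nginx-https
# Stop
docker stop nginx-https
# Restart (applies configuration changes)
docker restart nginx-https
```

5.2 View logs

```bash
# View the container startup log
docker logs nginx-https
# View the Nginx access log
cat /opt/nginx-https/logs/access.log
# View the Nginx error log
cat /opt/nginx-https/logs/error.log
```

5.3 Apply a configuration change

```bash
# 1. Edit the configuration file on the host
vim /opt/nginx-https/conf/nginx.conf
# 2. Validate the configuration syntax
docker run --rm -v /opt/nginx-https/conf/nginx.conf:/etc/nginx/nginx.conf -v /opt/nginx-https/cert:/etc/nginx/cert nginx:1.21 nginx -t
# 3. Restart the container
docker restart nginx-https
```

5.4 Remove the container (for a reinstall)

```bash
docker stop nginx-https && docker rm nginx-https
# Optional: delete the working directory (use with care)
rm -rf /opt/nginx-https
```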
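Added example, not part of the original article: the certificate from Step 3 carries the address only in CN, and current Chrome-based browsers match a server address only against subjectAltName, so the certificate is rejected even by a client that trusts it. The script below issues the certificate with an IP SAN and an owner-only key, then runs the checks that catch a mismatched key, a missing SAN, a readable key, or a near-expiry certificate before Nginx is started; the function names and the scratch directory are assumptions.

```shell
# Added example; function names and the scratch directory are assumptions.
# make_cert DIR IP: self-signed cert with the IP in subjectAltName. A config
# file is used instead of -addext so this also runs on OpenSSL 1.0.2.
make_cert() {
    cat > "$1/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $2
[v3]
subjectAltName = IP:$2
EOF
    ( umask 077    # the private key is created 0600, never world-readable
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$1/san.cnf" \
          -keyout "$1/nginx.key" -out "$1/nginx.crt" 2>/dev/null ) || return 1
    chmod 644 "$1/nginx.crt"
}

# key_matches_cert DIR: the key's public half equals the cert's public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1/nginx.key" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1/nginx.crt" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# has_ip_san DIR IP: the cert lists exactly this IP as a subjectAltName.
has_ip_san() {
    openssl x509 -in "$1/nginx.crt" -noout -text 2>/dev/null |
        grep -qwF "IP Address:$2"
}

# key_is_private DIR: the key has no group/other permission bits.
key_is_private() {
    [ -f "$1/nginx.key" ] &&
        [ "$(ls -l "$1/nginx.key" | cut -c5-10)" = "------" ]
}

# valid_for_days DIR N: the cert is still valid N days from now.
valid_for_days() {
    openssl x509 -in "$1/nginx.crt" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

d=$(mktemp -d)    # constructed scratch dir standing in for /opt/nginx-https/cert
make_cert "$d" 192.168.10.110 && key_matches_cert "$d" &&
    has_ip_san "$d" 192.168.10.110 && key_is_private "$d" &&
    valid_for_days "$d" 30 && echo "certificate checks passed"
rm -rf "$d"
```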
